Temporal Key Integrity Protocol

Temporal Key Integrity Protocol, or TKIP, is a security protocol used in the protection of data transmission across wireless networks. TKIP is part of the Wi-Fi Protected Access (WPA) certification. It was originally intended to replace Wired Equivalent Privacy (WEP) after the protection was found to have fundamental weaknesses that eventually meant it could be possible to compromise a network within minutes using readily available, and easy to find software. While WPA has been replaced by WPA2, which uses the Advanced Encryption Standard (AES) block cipher instead, it is still in common use (as is WEP unfortunately).

TKIP is not without its own problems however. Some weaknesses were found and revealed in 2008, none of which can lead to the full compromise of a network's security (yet). The weakness in WPA was reported by Martin Beck and Erik Tews, two graduate students in Germany. The attack could make it possible to compromise certain communications. Attackers can use the techniques to decrypt limited communications and can recover a special integrity checksum and send up to seven custom packets to clients on the network. In a real world situation however, there really is no cause for alarm using TKIP.

TKIP generally uses a Pre-share Key (PSK) in practice. This key, or "passphrase", is intended to be formulated by the owner of the network and then distributed to them to join the network. Anyone without the passphrase cannot join, simple. This passphrase could be a random string of characters or an actual understandable phrase, although random characters is highly recommended for security reasons. This Pre-share Key (PSK) is saved by most operating systems that have WiFi support built-in so that the computer can automatically connect to the network after disconnection without needing to use the passphrase again.

The hardware that drives the wireless network also needs to remember the passphrase for it to work. Attacks against weak passphrases could be successful if the passphrase is not strong. To get around this problem, manufacturers often include their own software that generates a strong passphrase which can be shared to machines through an in-between medium (USB key for example).